MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely tied to the field of intelligence.

1.12.09

A massive In-the-Wild campaign is spreading the Koobface worm using blogs created on the Blogspot service as its propagation strategy. Koobface has become a nightmare for social networks, and even though its propagation strategies do not change, this malware has been active for almost two years with a significant infection rate, making it one of the largest botnets today.

Anyone who visits one of these blogs is redirected to a page that imitates the typical YouTube video screen. A screenshot of the page is shown below.

Immediately afterwards, the page tries to download a binary named "setup.exe" (md5 6d8ac41c64137c91939cced16cb5f2fe), which has a low average detection rate. This binary is a dropper: it in turn takes care of downloading and executing other malicious components.

Each of these files is downloaded from URLs of the form "homemadesandwiches.com/.sys/?getexe=ff2ie.exe", where the getexe parameter names the component being fetched.
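The two hard indicators this post gives (the dropper's md5 and the "/.sys/?getexe=" download URL style) are enough for a first-pass hunt through web proxy logs. The following Python script is an added example written for this page, not code from the original post or from the Koobface authors; the proxy log lines are constructed (timestamp, client IP, method, URL), only the first one uses the domain named in the post, and the host example.invalid is a placeholder for any other download domain a hunt might turn up.

```python
import hashlib
import re

# Indicators of compromise reported in the post (the only two hard IOCs it gives).
KNOWN_DROPPER_MD5 = "6d8ac41c64137c91939cced16cb5f2fe"   # setup.exe

# Matches the "<domain>/.sys/?getexe=<component>" download URL style, with or
# without a scheme, anywhere in a log line. The exe name is captured so an
# analyst can see which component (ff2ie.exe, v2captcha.exe, ...) was fetched.
GETEXE_RE = re.compile(
    r"(?:https?://)?(?P<host>[A-Za-z0-9.-]+\.[A-Za-z]{2,})/\.sys/\?getexe=(?P<exe>[^&\s\"']+)"
)

# Constructed sample proxy log (not a real capture). Fields: timestamp, client
# IP, method, URL. example.invalid is a hypothetical second download domain.
SAMPLE_LOG = """\
1259668800 10.0.0.15 GET http://homemadesandwiches.com/.sys/?getexe=ff2ie.exe
1259668801 10.0.0.15 GET http://www.youtube.com/watch?v=example
1259668802 10.0.0.23 GET http://example.invalid/.sys/?getexe=v2captcha.exe
1259668803 10.0.0.42 GET http://example.invalid/images/logo.png
"""


def find_getexe_downloads(log_text):
    """Return one dict per log line whose URL matches the getexe download pattern."""
    hits = []
    for line in log_text.splitlines():
        match = GETEXE_RE.search(line)
        if not match:
            continue
        fields = line.split()
        hits.append({
            "client": fields[1] if len(fields) > 1 else None,  # who fetched it
            "host": match.group("host"),                       # where from
            "exe": match.group("exe"),                         # which component
        })
    return hits


def hash_is_known_dropper(md5_hex):
    """Case-insensitive comparison of an md5 hex digest against the post's IOC."""
    return md5_hex.strip().lower() == KNOWN_DROPPER_MD5


def file_is_known_dropper(data):
    """Hash raw file bytes (e.g. a quarantined setup.exe) and check the IOC."""
    return hash_is_known_dropper(hashlib.md5(data).hexdigest())


if __name__ == "__main__":
    for hit in find_getexe_downloads(SAMPLE_LOG):
        print(f"{hit['client']} fetched {hit['exe']} from {hit['host']}")
```

Because the pattern keys on the path and query shape rather than on one domain, it keeps working when the campaign rotates download hosts; the md5 check, by contrast, only catches the exact setup.exe build mentioned here, and a repacked dropper will slip past it.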

The binary v2captcha.exe takes care of breaking the CAPTCHA that Blogspot asks for when registering a blog, allowing the botnet to mass-create blogs with random names. Each of those blogs then redirects to the Koobface download through, as mentioned at the beginning, a fake YouTube page that uses the same visual social-engineering approach seen in other similar propagation campaigns.

Undoubtedly, Koobface is yet another malicious code that manages to persist even though many of its variants are detected by most antivirus companies.